Authentication types for Event Triggers

Hi Everyone,

Do IdentityNow event triggers support the OAuth authentication type?

-D

Hello @devrajsingh,
Welcome to the community!

You can set a Bearer token as per OAuth 2.0 Authorization Framework: Bearer Token Usage, but you cannot request a bearer token when the event is actually triggered. That would probably mean that this is a long-lived bearer token.

@devrajsingh,

Here is some more information on subscribing to event triggers. There is a field called Authentication Type that accepts either a long-lived bearer token (e.g. a personal access token) or a username/password for basic auth. Those are the only two supported at this time.

Is there any way to set the Bearer Token via a Rule or some kind of variable? I understand that supporting several OIDC providers' token retrieval processes in the Event Trigger setup options would be a challenge, but I think there should at least be a way for the Bearer Token to be passed in programmatically, perhaps from a custom Bearer Token Retrieval Rule or something similar.

@devrajsingh One work-around I can think of for OAuth, if your provider doesn't support long-lived application bearer tokens, is to set up a custom internet-facing service (let's say, for example, an AWS Lambda behind an API Gateway) that parses the Event Trigger-provided JWT Bearer Token (which is just Base64-encoded JSON anyway) into a JSON object that includes, say, your OAuth application client-id, secret, and provider URL encoded as parameters/claims. You could then use that info in the Lambda, along with the Event Trigger payload, to get a short-lived Bearer Token for your application from your OAuth provider, and then pass the trigger payload and whatever else you want to your Event Trigger handler that requires short-lived Bearer Token auth.

Additionally, it looks like there is an IDN API endpoint (that’s currently in Beta) to update an Event Trigger subscription called patch-subscription that can be used to update the Bearer Token dynamically.
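A sketch of the parsing and token-exchange steps of the workaround above, added here as an example (not code from the original posts or from SailPoint): it reads the Event Trigger's Authorization header, base64url-decodes the JWT payload to get the client_id and token_url claims, and builds the OAuth 2.0 client_credentials request for a short-lived token. The claim names, the token_url claim, and reading the client secret from an environment variable instead of carrying it in the long-lived token are assumptions.

```python
import base64
import json
import os
from urllib.parse import urlencode
from urllib.request import Request, urlopen


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def parse_bearer_claims(authorization_header: str) -> dict:
    # Decode (not verify) the payload of 'Authorization: Bearer <jwt>'. The
    # claims are routing data (which client, which provider), not proof of
    # identity, so nothing here trusts them beyond choosing a token endpoint.
    scheme, _, token = authorization_header.partition(" ")
    if scheme.lower() != "bearer" or not token:
        raise ValueError("expected 'Bearer <token>'")
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (header.payload.signature)")
    claims = json.loads(_b64url_decode(parts[1]))
    for name in ("client_id", "token_url"):  # assumed claim names
        if name not in claims:
            raise ValueError(f"missing claim: {name}")
    return claims

def build_token_request(claims: dict, client_secret: str) -> tuple:
    # OAuth 2.0 client_credentials grant (RFC 6749 section 4.4) form body.
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": claims["client_id"],
        "client_secret": client_secret,
        "scope": claims.get("scope", ""),
    }).encode()
    return claims["token_url"], body, {"Content-Type": "application/x-www-form-urlencoded"}

def get_short_lived_token(authorization_header: str) -> str:
    # The secret comes from the service's own configuration (assumption), so
    # the long-lived token stored in the Event Trigger never carries it.
    url, body, headers = build_token_request(
        parse_bearer_claims(authorization_header), os.environ["OAUTH_CLIENT_SECRET"])
    with urlopen(Request(url, data=body, headers=headers, method="POST")) as resp:
        return json.load(resp)["access_token"]

def make_sample_header(claims: dict) -> str:
    # Constructed sample only: an unsigned compact JWT used as a test fixture.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return "Bearer " + enc({"alg": "none", "typ": "JWT"}) + "." + enc(claims) + "."
```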